
Consternations Engulfing Backup for Microsoft Private Cloud

By CIOReview | Tuesday, August 9, 2016

Migrating a simple virtual server environment to a private or hybrid cloud is one of the biggest ongoing trends in IT. Amid that migration and the processes around it, enterprises have to understand how the transition affects their backup processes. Security undoubtedly sits at the centre of any backup process, but there are a few other elements organizations need to consider when moving to a more sophisticated private cloud environment such as Microsoft's own private cloud stack.

A Microsoft private cloud is built from the same basic components as any Hyper-V deployment: Hyper-V servers, System Center Virtual Machine Manager (SCVMM), and one or more Cluster Shared Volumes. When backing up a Microsoft private cloud, two challenges usually persist, and both must be addressed before the backup process can do its job. The first is knowing which components need protection, and then making sure that every component needed to rebuild the private cloud after a failure is actually backed up. The second is backing up virtual machines (VMs) that reside on virtual network segments the backup server cannot reach. Only by addressing both can companies realize the real benefits of a backup process.

Identifying the Key Elements which Require Protection

Backup requirements vary from company to company because no two private cloud environments are identical. Some aspects don't change much, though. Backing up a Microsoft private cloud usually means backing up the Azure Pack server, all Hyper-V servers, and SCVMM together with its underlying database.

Windows Azure Pack for Windows Server is a Microsoft technology aimed at moving organizations to the cloud. It lets Windows Server admins create new infrastructure on demand for the organization's applications and data center. Azure Pack suits firms that intend to run a private cloud but still want some of the benefits of a public one. It runs on top of Windows Server 2012 R2 and Microsoft System Center 2012 R2 and is essentially a web application that provides tenant and administrative access to the private cloud environment. A server running Azure Pack usually comprises Internet Information Services (IIS), the Virtual Machine Manager console, Service Provider Foundation (shipped with System Center Orchestrator), and a few other pieces such as the .NET Framework. The SQL Server databases that Azure Pack uses also have to be backed up.

A Microsoft private cloud needs several service accounts to function, and those accounts live in the Active Directory database. Security incidents and poor planning often cost enterprises significant amounts of money, and losing or corrupting the directory takes the cloud's control plane down with it. Active Directory must therefore be part of the backup routine for a Microsoft private cloud environment, typically as a system state backup of at least one domain controller.
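The following script is an added example, not code from the article or from Microsoft, that turns the checklist above (Hyper-V host inventory, the SCVMM database, the Azure Pack and Service Provider Foundation databases, IIS configuration on the Azure Pack server, and Active Directory) into one control-plane backup run. It assumes it is run from the SCVMM management server with the VMM console and the SqlServer PowerShell module installed, and that the account used has backup rights on the SQL instance and the domain controller. Server names, the share path, the SQL instance and the SPF database name (SCSPFDB, the default) are placeholders for this example.

```powershell
# Added example: control-plane backup for a Microsoft private cloud.
# Names, paths and instance below are assumptions for this example.
param(
    [string]$BackupRoot  = '\\backup01\pc-controlplane',  # assumed target share
    [string]$SqlInstance = 'sql01\VMM',                   # assumed SQL instance hosting VMM/WAP/SPF DBs
    [string]$VmmServer   = 'vmm01.contoso.local',         # assumed VMM management server
    [string]$WapServer   = 'wap01.contoso.local',         # assumed Azure Pack server
    [string]$DomainCtrl  = 'dc01.contoso.local'           # assumed domain controller
)

Import-Module virtualmachinemanager
Import-Module SqlServer

$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
$dest  = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# 1. Inventory: record every Hyper-V host VMM manages, so the restore runbook
#    knows which hosts (and clusters) must exist before tenant VMs can return.
Get-SCVMMServer -ComputerName $VmmServer | Out-Null
Get-SCVMHost |
    Select-Object Name, HostCluster, OverallState |
    Export-Csv -Path (Join-Path $dest 'hyperv-hosts.csv') -NoTypeInformation

# 2. VMM database: virtual networks, tenants, templates and permissions live
#    here. Backup-SCVMMServer writes the database backup to the given path,
#    which the SQL Server service account must be able to write to.
Backup-SCVMMServer -Path $dest

# 3. Azure Pack and SPF databases: enumerate them on the instance rather than
#    hard-coding names, then take a checksummed full backup of each.
$dbs = Invoke-Sqlcmd -ServerInstance $SqlInstance -Query @"
SELECT name FROM sys.databases
WHERE name LIKE 'Microsoft.MgmtSvc%' OR name = 'SCSPFDB'
"@
foreach ($db in $dbs) {
    $file = Join-Path $dest ('{0}.bak' -f $db.name)
    Invoke-Sqlcmd -ServerInstance $SqlInstance `
        -Query "BACKUP DATABASE [$($db.name)] TO DISK = N'$file' WITH INIT, CHECKSUM"
}

# 4. Azure Pack server: snapshot the IIS configuration (sites, bindings,
#    certificates references) that fronts the tenant and admin portals.
Invoke-Command -ComputerName $WapServer -ScriptBlock {
    Import-Module WebAdministration
    Backup-WebConfiguration -Name "wap-$using:stamp"
}

# 5. Active Directory: the service accounts the cloud depends on. A system
#    state backup on a DC captures the directory; wbadmin needs a local
#    volume here (E: is assumed to exist on the DC).
Invoke-Command -ComputerName $DomainCtrl -ScriptBlock {
    wbadmin start systemstatebackup -backupTarget:E: -quiet
}
```

The IIS backup lands under the Azure Pack server's inetsrv\backup folder and the system state backup on the DC's local volume, so a follow-up copy of both into the same share keeps the whole set together; the point of step 3 is that Azure Pack spreads its state over several databases, and a backup that only covers the VMM database leaves the portals unrestorable.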

Backing up the Virtual Machines

Private cloud environments usually offer self-service VM creation and management to their authorized users. These users use the Azure Pack tenant portal to create VMs from predefined templates, then configure and use those VMs for whatever they need to accomplish. Because users can do practically anything with the VMs they own, a private cloud environment has to enforce a strict tenant isolation policy.

Tenant isolation prevents a tenant from accessing, or even seeing, another tenant's VMs. The private cloud places each tenant's virtual machines on a separate, isolated network segment, much as public clouds such as Microsoft Azure or Amazon Web Services do. In a public cloud many different customers create their own VMs, so the provider has to protect each customer's security and privacy by installing isolation boundaries; the same boundaries also keep customers from reaching the underlying cloud infrastructure. A Microsoft private cloud applies the same sort of controls to provide tenant isolation, based on a thorough understanding of where sensitive information and functions could be exposed.

Backing up VMs Existing on an Isolated Network Segment

The vStorage APIs for Data Protection (VADP) and Changed Block Tracking (CBT) allow VMs to be backed up simply and without disrupting applications, but they have their drawbacks. Note that these are VMware vSphere mechanisms, not Hyper-V ones; on a Microsoft private cloud the equivalent is host-level backup through the Hyper-V VSS writer, covered below. VMware offers a low-end package called VMware Data Recovery (VDR), which is limited to 100 VMs and 1 TB datastores, has no global capabilities, and does not replicate.

Many backup vendor products, however, are feature-rich, scale well, and take full advantage of VADP and CBT. VADP lets a physical or virtual backup server instruct vSphere to snapshot a VM's Virtual Machine Disk (VMDK) files and stream them directly to the backup server, and VMware keeps furnishing newer tools for backup vendors to leverage.

Backup administrators use two principal approaches to back up VMs that sit on a completely isolated network segment:

• Backing up each Hyper-V server at the host level is the approach most companies employ. Because the backup runs on the host, which has direct access to every VM's virtual disks, all VMs are captured automatically no matter which isolated segment they sit on. The virtual networks, tenants, and permissions that describe those VMs are configured through System Center Virtual Machine Manager (SCVMM) and stored in its SQL Server database, and those components are complex and important enough that they must be backed up as well. Enterprises favour host-level backup because buying and managing a backup agent for every individual virtual machine is more expensive and complex. Host-level backup products are relatively new, however, and need testing before they are trusted for data protection.
• Guest-level backup of VMs is used less in a cloud-scale environment because it is labor-intensive, but it remains a significant strategy. It takes centre stage in lightly virtualized enterprises, for operating systems the host-level tool does not support, or where IT budgets are tight. Virtual network isolation makes the VM invisible to the backup server, so simply installing a backup agent in the VM isn't enough; the backup has to be handled much like backing up a VM across the internet, by creating a logical connection that lets the backup server communicate with VMs on the isolated segment. It is critical that firewall rules on that link permit backup traffic only and block everything else.
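As an added example of both approaches (not code from the article or from Microsoft), the script below first runs a host-level backup of every VM on a Windows Server 2012 R2 Hyper-V host with Windows Server Backup, then, for a single VM that needs an in-guest agent, opens the isolated segment to the backup server only, using Hyper-V extended port ACLs so the rule is enforced by the virtual switch rather than by anything the tenant controls. The share path, VM name, backup server address, backup subnet and agent port are assumptions for this example.

```powershell
# Added example: host-level backup of all VMs, then a tightly scoped path
# for guest-level backup of one VM on an isolated tenant segment.
# Runs on a Hyper-V host with the Windows Server Backup feature installed.
param(
    [string]$BackupShare  = '\\backup01\hyperv',   # assumed backup target share
    [string]$TenantVM     = 'tenant42-web01',      # assumed VM on an isolated segment
    [string]$BackupServer = '10.10.0.5',           # assumed backup server address
    [string]$BackupSubnet = '10.10.0.0/24',        # assumed backup network
    [int]   $AgentPort    = 10000                  # assumed backup agent TCP port
)

# --- Host-level backup -----------------------------------------------------
# The host backs up every VM through the Hyper-V VSS writer. Tenant network
# isolation is irrelevant here: the host reads the virtual disks directly,
# so no network path into the tenant segment is opened.
Import-Module WindowsServerBackup
$policy = New-WBPolicy
Add-WBVirtualMachine -Policy $policy -All              # every VM on this host
$cred   = Get-Credential -Message 'Account with write access to the backup share'
$target = New-WBBackupTarget -NetworkPath $BackupShare -Credential $cred
Add-WBBackupTarget -Policy $policy -Target $target
Set-WBVssBackupOptions -Policy $policy -VssFullBackup  # VSS full rather than copy backup
Start-WBBackup -Policy $policy

# --- Guest-level backup on an isolated segment -----------------------------
# An in-guest agent still needs the backup server to reach it. Extended port
# ACLs are applied on the VM's virtual switch port, outside the guest, so a
# tenant cannot widen the opening from inside the VM. Higher -Weight wins, so
# the narrow Allow (backup server to agent port) outranks the broad Deny
# (anything else arriving from the backup network). Stateful lets replies out.
Add-VMNetworkAdapterExtendedAcl -VMName $TenantVM -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $AgentPort -RemoteIPAddress "$BackupServer/32" `
    -Stateful $true -Weight 20
Add-VMNetworkAdapterExtendedAcl -VMName $TenantVM -Direction Inbound -Action Deny `
    -RemoteIPAddress $BackupSubnet -Weight 10

# Verify what now governs the tenant adapter before handing it to the agent.
Get-VMNetworkAdapterExtendedAcl -VMName $TenantVM |
    Select-Object Direction, Action, Weight, RemoteIPAddress, LocalPort, Protocol
```

A Windows Firewall rule inside the guest that allows the agent port from the backup server only is worthwhile defence in depth, but it belongs to the tenant and can be switched off by the tenant; the switch-level ACL is the control the provider can actually rely on, which is why the Deny rule is scoped to the backup network rather than to all traffic, so it cannot accidentally cut the VM off from the rest of its own segment.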

Although guest-level VM backups can be taxing, backing up a Microsoft private cloud isn't as burdensome as it seems. Enterprises usually give guest-level backups of tenant VMs lower priority than the host-level strategy, and host-level backups serve the purpose in most scenarios and are easier to implement.